New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
@RobertClarke Looks very new and promising.Need to test before putting in production though.I was looking for this type of solutions for a long time
How have I never seen this? Better look at that code real good.
Exactly what I thought.
Nodewatch looks interesting. Trying it
vpsantiabuse.com is owned by IT7 networks, aka BandwagonHost/eomy.net. I was wondering why they mentioned KiwiVM when they're the only ones using it. Seems legit from whois, haven't torn apart any code yet.
Right more eyes need to go through the codes.I will not use in production though
Installation seemed easy enough. Don't understand why it needs John the Ripper installed though.
http://vpsantiabuse.com/
I was just looking at the WHT thread related to that and it looks pretty good. I might try it shortly. I don't understand why it needs John the Ripper installed either but there you go.
Has anybody tried this? If so, what's your experience with it?
@dominicl @shovenose Nodewatch uses John the Ripper to automatically scan your user's VPS for weak passwords. (John is installed automatically during Nodewatch installation, there is no need to install it separately). When a weak password is discovered, it is immediately replaced with a randomly generated password. A message is then thrown onto user's VPS console with new password as well as a record is made in the user's VPS syslog.
http://vpsantiabuse.com/nodewatch_man.php
Can I disable that John the Ripper functionality? I don't want it scanning my customers VPS.
In reference to vpsantiabuse.com
eomy.net, bandwagonhost, vpsblast
Any others? They have a lot of brands.
Claim to be around a long time, took a ton of convincing to add an SSL to bandwagonhost. Interested me that they had to be told why.
This script is ioncube encoded.
I don't trust it. Why give away something for free, pay for ioncube encoder, and encourage me to put it on my client nodes?
It seems very useful though.
If you like providing direct competitors with unspecified access to manipulate your client files.
I don't see the point of them doing that. I think it's cool. So there.
But moving forward, how would I go about disabling the John the Ripper scanner functionality.
something fishy here.I will not trust them either with encoded code+competitor
IT7 networks has an ASN at least. http://bgp.he.net/AS25820#_whois
I want to trust this. Dare I ask if anyone knows a good method for decoding ioncube. I'm not interested in spreading people's source, but I imagine it'd take me less time to decode and verify safety than to code this kind of thing on my own.
^This. John the Ripper, encoded code and competitior. I wouldn't risk using it, maybe they are trying to crack some passwords
EDIT: To be honest. If I were a hoster, I wouldn't trust this script.
@t3ster looks like right.
http://en.wikipedia.org/wiki/John_the_Ripper
John the Ripper is a free password cracking software tool. Initially developed for the UNIX operating system, it currently runs on fifteen different platforms (eleven architecture-specific flavors of Unix, DOS, Win32, BeOS, and OpenVMS)
It is explained on the site. Did you actually read over the site and their guides before you decided to use it? It is spelled out pretty well in their Short Guide. Since you were too lazy to look, I guess I can paste it for you here:
Cheers!
Source looks legit. Seeing as how I don't condone what I just did, I've deleted any evidence that backs the statement I just made. Take it as you will.